While there’s talk that investment dollars for security startups are getting harder to find, entrepreneurs still manage to deliver a range of hardware, software and services that protect data, networks and corporate reputations.

This roundup of 13 such companies that we’re keeping an eye on runs the gamut from cloud security services to fraud prevention to protecting supervisory control and data acquisition (SCADA) and Internet of Things devices.

These vendors clearly see the value of assessing the strength of network security architectures. Among them are four startups that simulate attacks against networks in order to test how well their defenses work and to help security staffers get the hang of what it’s like to get hit by a range of exploits and to hone their responses. AttackIQ, Cybric, SafeBreach and Verodin all have variations on this theme but all try to probe networks for vulnerabilities that could be strung together to create successful intrusions.

SCADA and IoT devices remain a concern because often they weren’t designed with security in mind and may be constrained by limited processor power and memory to support their own security. Two vendors – Indegy and ZingBox – are working on products that place defenses for these unprotected assets at the first network device they are attached to.

One common thread running through this group of vendors is a person – Israeli entrepreneur Shlomo Kramer. He’s a founder of Check Point Software and Imperva Networks, and is currently CEO of noteworthy startup Cato Networks, which provides a variety of security services in the cloud.

He’s also an investor in two other startups we’re watching – Indegy and SafeBreach.

Headquarters: Waterloo, Canada Founded: 2012 Funding: $27.7 million from Lightspeed Venture Partners and Redpoint Leaders: Brian NeSmith, former CEO of Blue Coat Fun fact: One of the company’s security operations centers is in Waterloo to tap tech grads of because the University of Waterloo.

Why we’re following it: The SIEM as a Service model for the company is attractive to smaller enterprises that can’t afford similarly sophisticated defenses that are capable of reducing the number of security events to investigate. Cutting through the noise enables these customers to get by with fewer on-staff security pros, an increasingly scarce commodity.

Headquarters: San Diego Founded: 2013 Funding: Supported by EvoNexus technology incubator Leaders: CEO Stephan Chenette and Chief Archtect Rajesh Sharma Fun fact: The cofounders are alumni of Websense but didn’t work there at the same time.

Why we’re following it: AttackIQ’s platform, FireDrill, continuously runs attack scenarios against customer networks to verify that defenses are performing as they were designed to. This can assure that unintentional holes aren’t left open for attackers to exploit.

Why we’re following it: Kramer’s track record and the growing popularity of cloud-based security services gives Cato a seat in a hot market. The company serves up traditional security platforms - next-generation firewalling, URL filtering, application control and VPN access – in its cloud. Its willingness to license its technology to other service providers opens up a potentially large and steady revenue stream.

Headquarters: Boston Founded: 2015 Funding: $1.3 million in seed funding from Petrillo Capital, angel and strategic investors Leaders: CEO Ernesto DiGiambattista and Chief Innovation Officer Mike Kail Fun fact: One adviser to the company is former Boston Police Commissioner Ed Davis, who is also a safety adviser for Uber.

Why we’re following it: Cybric’s notion of running constant tests against exact models of corporate networks in order to reveal vulnerabilities not only helps strengthen defenses, it does so without disrupting the production network. Running these simulations in parallel in the cloud means vulnerabilities are discovered faster.

Headquarters: San Jose, Calif. Founded: 2010 Funding: $7 million from Highland Capital Partners Leaders: CEO Ted Ho who founded Gigamon Fun fact: James Lin, the company’s founder, also founded RapidStream (acquired by WatchGuard)

Why we’re following it: Data security is a key component to preventing data breaches, and Datiphy is focused on that with a platform that it has proved in service provider networks. Its platform keeps an eye on sensitive data and flags when it’s being accessed inappropriately. It has started seeking partners to interoperate with its API to enforce policies when it discovers policy violations.

Why we’re following it: Attacks on industrial control and supervisory control and data acquisition (SCADA) systems is a continuing problem hanging over critical infrastructure like power grids and water supplies. Its appliances protect deployed SCADA devices that may be too numerous to replace with more secure ones. By monitoring to find alterations in the control planes of SCADA devices Indegy can discover potential changes to their programmable logic controllers that may indicate attacks. This can help discover threats before they are carried out to older systems lacking defenses.

Why we’re following it: SafeBreach constantly tests networks for weaknesses that by themselves don’t endanger security but in combination with others could. It makes the connections that might lead to a successful attack so customers can fix them. This is the hacker’s approach to breaching networks, and SafeBreach has developed a hackers’ playbook its platform runs through to probe customer networks.

Why we’re following it: With the growing belief that breaches are inevitable, stopping them quickly is an important defense in order to limit damage. Seceon does this but also can automate responses to shorten the time the attack is effective by triggering third-party devices on the network to block threats. It also makes associations that otherwise would have to be made manually, freeing up human analysts from mundane chores.

Why we’re following it: Simility tries to address the increasing problem of credit card and online banking fraud with a service that issues risk scores about transactions. It does so fast enough to enable cutting off these attacks mid-transaction, which will help cut down on losses suffered by victims of this type of criminal activity.

Headquarters: Scottsdale, Ariz. Founded: 2015 Funding: $8 million from Kleiner Perkins Caufield & Byers Leaders: CEO Ori Eisen, former fraud detection chief at American Express Fun fact: Frank Abagnale, the former con-man and subject of the movie “Catch Me If You Can” is a consultant to the company.

Why we’re following it: Trusona has put together a four-factor authentication scheme involving anti-cloning technology and a dongle for which customers must identify themselves in person. While not priced for everyday consumer use, it may find a following among executives who may be targeted by whale phishers and to protect monetary and intellectual property assets.

Headquarters: Mountain View, Calif. Founded: 2012 Funding: $9.97 million from August Capital, Square Peg Capital, Scott Petry and Peter ThielLeaders: co-CEOS Mike Baukes and Alan Sharp-PaulFun fact: The company lists its team by musical instrument, as if they played in a band.

Why we’re following it: Upguard’s platform gives security pros insights into configurations of every device on a network and seeks out anomalies that can help businesses meet compliance standards as well as spot changes that could indicate compromise. That data is rolled up into a number – its Cybersecurity Threat Assessment Report (CSTAR) – to capsulize how vulnerable a network is to attack.

Why we’re following it: Running constant attacks against live networks without negative consequences is what this company does, a good way to check for weaknesses and also gives security personnel the chance to experience what it’s like to be under attack. Also, the founders have succeeded in a startup before.

Headquarters: Mountain View, Calif. Founded: 2014Funding: $2.3 million from angel investors Leaders: CEO Xu Zou and CTO May Wang Fun fact: Without any product to its name, the company received a buyout offer last year.

Why we’re following it: Although the company hasn’t launched yet, it is working on Internet of Things security that doesn’t require upgrades to the IoT devices themselves, but rather to the routers they connect to. This gets around the problem of legacy IoT devices or those whose price and processing power doesn’t allow for much in the way of security. Also, the company leaders have experience with security via Cisco, which knows a thing or two about routers.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.